[PATCH] hw/ufs: Fix mcq register range determination logic
From: Jeuk Kim
Subject: [PATCH] hw/ufs: Fix mcq register range determination logic
Date: Wed, 3 Jul 2024 17:54:10 +0900
The function ufs_is_mcq_reg() only evaluated the range of the
mcq_op_reg offset, which is defined as a constant.
Therefore, it was possible for ufs_is_mcq_reg() to return true
despite the ufs device being configured to not support the mcq.
This could cause ufs_mmio_read()/ufs_mmio_write() to overflow the
buffer. So fix it.
Fixes: 5c079578d2e4 ("hw/ufs: Add support MCQ of UFSHCI 4.0")
Signed-off-by: Jeuk Kim <jeuk20.kim@samsung.com>
---
hw/ufs/ufs.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/hw/ufs/ufs.c b/hw/ufs/ufs.c
index 683fff5840..cf0edd281c 100644
--- a/hw/ufs/ufs.c
+++ b/hw/ufs/ufs.c
@@ -57,7 +57,13 @@ static inline uint64_t ufs_reg_size(UfsHc *u)
static inline bool ufs_is_mcq_reg(UfsHc *u, uint64_t addr, unsigned size)
{
- uint64_t mcq_reg_addr = ufs_mcq_reg_addr(u, 0);
+ uint64_t mcq_reg_addr;
+
+ if (!u->params.mcq) {
+ return false;
+ }
+
+ mcq_reg_addr = ufs_mcq_reg_addr(u, 0);
return (addr >= mcq_reg_addr &&
addr + size <= mcq_reg_addr + sizeof(u->mcq_reg));
}
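Review bot: The early return on `!u->params.mcq` in ufs_is_mcq_reg() has no comment saying why the range test alone is not enough, and a later cleanup could fold it away again. The commit message gives the reason (the mcq_op_reg offset is a constant, so the window matches even when MCQ is disabled, and ufs_mmio_read()/ufs_mmio_write() then overflow the buffer); a one-line comment above the check stating that would keep the invariant visible. Separately, the unchanged comparison `addr + size <= mcq_reg_addr + sizeof(u->mcq_reg)` is only correct while `addr + size` cannot wrap in uint64_t. If the MMIO region size guarantees that, note it here; otherwise compare `size` against the remaining length after checking `addr >= mcq_reg_addr`.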
--
2.34.1